TITLE OF INVENTION 

"Secure Mobile Office Wireless Local-Area Network Application Integration Package 
Running from CD-ROM" 

BACKGROUND OF THE INVENTION 

The Invention is in the field of InterNetworked Computer Systems. It is designed to provide 
enhanced security in general, and specifically to provide for rapid deployment of Secure 
Mobile Offices with full InterNet server and laptop-workstation capabilities, operating in 
and supporting a Secure Wireless Local-Area Network ("LAN") as well as supporting 
general InterNet operations and Virtual Local-Area Network ("VLAN") operations. 

BACKGROUND OF PROBLEM 

Security is increasingly a concern on the global InterNet. A wide variety of attacks have 
been launched against many online sites, including invasions of networked computers which 
are responsible for monitoring and control of critical economic and physical infrastructure, 
including computers which control elements of the electrical power distribution system, and 
computers which control dams. Fears of terrorist exploitation of such weak systems are 
reasonable fears, and a variety of methods have been proposed to increase the security of 
these networked machines. 

Also, rapid data communications between members of organizations, and between 
organizations, is increasingly vital, and in no case is it more vital than in a situation of 
emergency response. These communications must be secure, as a variety of bad outcomes 
may emerge if communications can be intercepted, with or without modification and 
retransmission. 

Situations will probably occur which will require rapid deployment of non-military response 
teams to sites of chemical, biological, or radiological attacks, or similarly catastrophic 
events. Possession of secure data networking technology may be essential to responders to 
such events. Disruptions in supply lines, procurement systems, or the disruptive nature 
of emergency situations might make it difficult to get the necessary computing resources 
into the field, and lack of standardization may further complicate matters, particularly if 
there are incompatibilities between operating systems. There is a clear need for a 
standardized Secure Mobile Office Network Application Package. Furthermore, such Secure 
Mobile Offices must be lightweight, consume little power, be extremely portable at a 
moment's notice, and should be networked mostly wirelessly as an aid to rapid deployment 
and ease of relocation and reconfiguration in the field. Further, such Secure Mobile Offices 
must enable logins to remote computers, in the case where insufficient local capacity exists 
to perform specific operations better done from the headquarters. Such logins to remote 
computers must be exceptionally secure so as to not enable attackers to imitate such 
logins and gain access to the headquarters computer. 

Secure Mobile Offices might, if deployed into a precipitated catastrophe such as the recent 
destruction of the World Trade Center on 2001 September 11, come under direct attack 
through their networking systems. Thus, their network "hardening" is of high importance. 
Further, multiple layers of hardening should be applied, so that if any one layer is 
penetrated another will be encountered. 

In networked systems, one of the more feared attacks is one where the attacker penetrates 
and assumes enough control to alter the contents of non-volatile storage, for example, 
replacing password files on a harddrive. Such a "root compromise" can turn a computer into 
the cybernetic equivalent of a ticking time bomb, and in fact the computer may be usurped 
and turned into a launching point for a variety of attacks against other networked 
machines. At the very least, all security may be disabled without the knowledge of the 
legitimate user, turning their machine into an attacker's window into the inner workings of 
the organization's methods and techniques. Ordinarily networked computers are part of a 
large and complex system which has a variety of means to trace the source of such attacks, 
such as "dial-up pen-registers"; however, wireless mobile networks could very easily come 
under attacks through their wireless connections and should be highly hardened against 
potential penetration to, and alteration of, their non-volatile storage systems. The present 
commercially-available wireless encryption systems, which are the first line of defense 
against such attacks, are known to be very weak and easily compromised. 

SUMMARY OF INVENTION 

This Invention permits very rapid installation of operating systems onto off-the-shelf 
hardware. Furthermore, this Invention addresses multiple configuration issues pertaining 
to the creation of "InterNet Hosts", and thus enables the very rapid installation of operating 
systems preconfigured to boot into a "ready to internetwork" mode with no subsequent 
configuration needs. It integrates several different existing security and encryption models 
which are considered robust. Further, the media on which this Invention will be distributed 
are read-only, providing further defense against InterNet-based attacks. 

DETAILED DESCRIPTION OF THE INVENTION 

Our invention is a Secure Mobile Office Applications Integration Package which runs 
entirely from CD-ROM on computers which do not have the capability to write to the CD- 
ROM. This package integrates two separate layers of encryption and authentication suitable 
to both wireless and hard-wired TCP/IP (IPv4 and IPv6) networked data communications. 
This Package is intended to be used in "ensemble operations" where there are at least two 
computers running with the Package: one of which serves as a Kerberos authentication 
server, as well as a firewall and firewall-traversal proxy (SOCKS5) which both permits 
authorized wireless networked computers to access the global InterNet, and which disallows 
unauthorized networked computers on either side of it to access the other side of the 
firewall; and, one or more "client" machines, laptops equipped with wireless communications 
cards. 

We chose the Linux operating system as it is very robust, and used the Slackware version 7 
distribution with a version 2.4.17 kernel rebuilt to incorporate the "FreeSWAN" IPSEC IP- 
security system for authentication and encryption. Alternatives such as the Microsoft 
Windows (tm) operating system were rejected as being too expensive and vulnerable to 
attack. We also rejected approaches using any variant of "SSH" or "OpenSSH" ("secure 
shell") for our host-to-host remote login application; instead we used the MIT "Kerberos" 
system for authentication and encryption of remote logins and remote application activation. 
We used the "PCMCIA-CS" software which enables the Linux kernel to operate PCMCIA 
("PC Card") devices, including the popular Hermes "Prism-II" chipset IEEE 802.11b-standard 
wireless communication cards. We wrote scripts to allow operation entirely from 
CD. 

OPERATION 

When the kernel is booted and starts the "init" process which controls startup and runlevel, 
it calls several scripts. Our special script: 

- initializes portions of random-access internal memory into "ramdisks", and creates 
filesystems there. These are the only read-write elements of this operating system 

- copies, from the CD, into ramdisk, those directories and files from the Linux system which 
must be read-write for the operating system to function 

- creates, in ramdisk, a "swap space", or virtual memory area, to permit operations 
exceeding the non-reserved random-access memory of the computer 

- loads into memory and executes such kernel modules, code libraries or applications as are 
necessary for standard operation 

- initializes and starts the wireless communications card (and if so equipped, an ethernet 
PCMCIA network interface card) 

- establishes wireless communications with its wireless-access point and its SOCKS5 
firewall traversing proxy, and negotiates and authenticates to establish IPSEC triple-DES- 
encrypted TCP/IP data communications (client machines); or, alternatively, establishes 
IPSEC communications with authorized hosts such as headquarters computers, and starts 
to proxy between the wireless mobile network and the hardwired global InterNet (firewall 
mode), and also starts up the Kerberos authentication server. 

- establishes virtual private networks between headquarters and the proxy servers, 
including NFS (UNIX network file-system) mounts of remote mass-storage, between client 
machines, and any IPSEC-capable computers which must be accessed. 

- excludes all TCP/IP communications with devices not specifically authorized to participate 
in this Secure Mobile Office Wireless Local-Area Network, other than those 
communications required to carry the virtual-private-network encrypted TCP/IP packets. 
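
One way to implement the last step above, as an added example that is not taken from the Invention's own scripts: a shell function that emits a default-deny iptables-restore ruleset admitting only IKE (UDP 500) and ESP (IP protocol 50) from authorized peers, plus traffic on the IPSEC virtual interface. The use of iptables, the interface names wlan0 and ipsec0, and the function names are assumptions.

```shell
# Added example; iptables and the interface names below are assumptions.
WLAN_IF=${WLAN_IF:-wlan0}    # physical wireless interface (assumed name)
VPN_IF=${VPN_IF:-ipsec0}     # IPSEC virtual interface (assumed name)

# Accept only dotted-quad IPv4 addresses with every octet in 0..255.
valid_ipv4() {
    case $1 in *[!0-9.]*) return 1 ;; esac
    rest=$1. n=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        [ -n "$octet" ] && [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# Print a ruleset for the authorized peers given as arguments. If any peer
# is malformed, print nothing and return 1, so a typo never yields a
# partial policy.
build_ruleset() {
    for peer in "$@"; do
        valid_ipv4 "$peer" || { echo "bad peer: $peer" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A OUTPUT -o lo -j ACCEPT'
    for peer in "$@"; do
        # Key negotiation (IKE) and the encrypted packets themselves (ESP)
        # are the only traffic allowed on the radio side.
        echo "-A INPUT -i $WLAN_IF -s $peer -p udp --sport 500 --dport 500 -j ACCEPT"
        echo "-A OUTPUT -o $WLAN_IF -d $peer -p udp --sport 500 --dport 500 -j ACCEPT"
        echo "-A INPUT -i $WLAN_IF -s $peer -p 50 -j ACCEPT"
        echo "-A OUTPUT -o $WLAN_IF -d $peer -p 50 -j ACCEPT"
    done
    # Decrypted traffic is seen on the IPSEC virtual interface.
    echo "-A INPUT -i $VPN_IF -j ACCEPT"
    echo "-A OUTPUT -o $VPN_IF -j ACCEPT"
    echo 'COMMIT'
}
```

The output is meant to be reviewed and then loaded with iptables-restore; with no peers given it is a pure drop policy.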



DETAILED DESCRIPTION OF THE INVENTION 

This system is based on "Slackware Linux 7.1", Linux kernel version 2.4.17, and 
"FreeSWAN-1.95", and MIT Kerberos 5-1.2.2, and "PCMCIA-CS-3.1.31". All are freely 
available from the InterNet. The system also makes use of the SOCKS5 Advanced 
Programming Interface ("API") specification and a variety of vendors sell products which 
make use of this API to act as "proxies". 

To create the basis of the system, install the full distribution (with the exception of 
X-Windows and X-Windows applications) of Slackware Linux 7.1 in the recommended manner 
on a secondary harddrive on an Intel-x86 platform machine running any recent version of 
Linux, and boot to the new Linux installation. Unpack the FreeS/WAN package in the 
recommended manner. Unpack, build, and install MIT Kerberos 5 binaries and libraries in 
the recommended manner. Install your SOCKS5 proxy in the recommended manner. 

Unpack and configure the linux-2.4.17 kernel package. Configure to build for the intended 
hardware platform, with maximum modularity to assure that a kernel is built which is 
small enough to be capable of stand-alone boot from a 1.44 megabyte floppy. Configure to 
build to include all standard networking features such as TCP/IP, and PPP. Configure to 
support "RAMDISK", with 8 ramdisks of 16384Kbytes in size. Many other kernel 
configuration options exist but are not generally relevant to this particular Specification. 
Complete configuration and build and install the kernel and kernel modules. Reboot to the 
new kernel to test operability. If the kernel works, build and install the FreeS/WAN IPSEC 
package which will rebuild the kernel and install the rebuilt kernel. Reboot to the new 
kernel to test the kernel, and make a "boot floppy" from this new IPSEC-capable kernel. 
Unpack, configure, build and install the "PCMCIA-CS" package in a manner appropriate to 
the intended destination machine and relevant kernel configuration options. 

Shutdown in an orderly fashion and reboot to the primary harddrive. Mount the secondary 
harddrive to the primary filesystem in some convenient place. For example we will specify 
the directory "/mnt/proto". 

Modify initialization scripts in the directory /mnt/proto/etc/rc.d to conform to those 
appended in the CDROM labelled "Appendix CDROM-A". These scripts will run at boot 
time to create filesystems in ramdisk and load those filesystems with the appropriate files as 
bootstrap progresses. This completes the basic creation and configuration. 

At this point, one could create an "ISO-9660 image" and burn it to CDROM, and one could 
use the "boot floppy" to boot the CDROM in any Intel-x86 platform PC with 128 megabytes 
of RAM, but multiple copies of such a CDROM would be duplicates of each other and would 
interfere with each other if operated simultaneously on the same non-world-routable 
subnets, or on the world-routable InterNet. 

In production for clients, we will copy the entire contents of /mnt/proto to another directory, 
for example "/mnt/installer". A variety of scripts will take care of such tasks as generating a 
series of IP addresses, hostnames, Kerberos keytabs and configuration files, IPSEC 
configuration files, SOCKS5 configuration files, etc., as necessary to provide each individual 
CDROM with a unique network identity, "personalization", and encryption key. As each 
instance of the package in /mnt/installer is provided with a unique identity and encryption 
keys, it will then be converted to "ISO-9660 image" and burned to CDROM. The final result 
will be a number of CDROMs, each of which will boot with a unique network address and 
network identity, and with all other "individualization configuration" issues resolved. 
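
The personalization step described above, as an added example rather than the production scripts the text refers to: it stages a unique hostname, address and IPSEC pre-shared key per disc and audits the result for duplicates. The smoNNN hostnames, the .10 starting address, the pre-shared-key mode and the file layout are assumptions; Kerberos and SOCKS5 files are left out.

```shell
# Added example, not the Invention's own scripts. Assumptions: hosts are
# numbered from .10 in a /24 given as its first three octets, each disc shares
# a pre-shared key with one gateway, and hostnames use the prefix "smo".

# 32 random bytes as 64 hex characters, used as the IPSEC pre-shared key.
new_psk() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# personalize COUNT NET3 GATEWAY OUTDIR
# Writes OUTDIR/smoNNN/etc/{HOSTNAME,ipsec.conf,ipsec.secrets} per disc.
personalize() {
    count=$1 net=$2 gw=$3 outdir=$4
    [ "$count" -ge 1 ] && [ "$count" -le 200 ] || return 1
    i=0
    while [ "$i" -lt "$count" ]; do
        ip="$net.$((10 + i))"
        [ "$ip" != "$gw" ] || { echo "$ip collides with gateway" >&2; return 1; }
        name=$(printf 'smo%03d' "$((i + 1))")
        etc="$outdir/$name/etc"
        mkdir -p "$etc"
        echo "$name" > "$etc/HOSTNAME"
        cat > "$etc/ipsec.conf" <<EOF
conn $name-gw
    left=$ip
    right=$gw
    authby=secret
    auto=start
EOF
        # Key file is created owner-only; one fresh key per disc.
        ( umask 077; echo "$ip $gw : PSK \"$(new_psk)\"" > "$etc/ipsec.secrets" )
        i=$((i + 1))
    done
}

# Return 0 only if no two staged discs share an address or a key.
audit_unique() {
    dups=$(cat "$1"/*/etc/ipsec.secrets | awk '{print $1; print $NF}' |
           sort | uniq -d)
    [ -z "$dups" ]
}
```

Running audit_unique over the staging directory before any image is burned catches the duplicate-identity case the text warns about.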

Once a series of these CDROMs has been generated, they can be inserted into any laptops or 
workstations based on the Intel-ix86 platform which are equipped with 128 megabytes of 
RAM and a CDROM drive, and IEEE-802.11b Wireless-LAN PCMCIA cards which are 
supported by the "PCMCIA-CS" software package. When the bootstrap procedure is finished, 
if an IEEE-802.11b "Wireless Access Point" is available, these laptops will be full-featured 
"InterNet Hosts" in a network exchanging data with at least one layer of triple-DES 
encryption at all times, ready for users to log in and begin their work. 



